Cisco Support Community

New Member

VPN site to site with ASA5510 and 2801

I think I have tried everything. I don't get the hang of it. I have configured the ASA5510 with the ASDM with the VPN Guide. I have also configured the 2801 with the SDM, but the ASA says something similar to "Received encrypted packet with no SA, dropping". Is there any guide on how to do this?


Re: VPN site to site with ASA5510 and 2801


Without knowing the details of your configuration, check if you have the 'crypto map set pfs' command set; if so, that might be the reason for your error (you can turn PFS off with the 'no crypto map set pfs' command).

Otherwise, can you post your configuration(s)?
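One way to run the PFS check suggested in the reply above is to pull the IPsec crypto map settings out of both peers' saved configurations and compare them. This is an added example, not part of the reply or of either poster's configuration; the IOS crypto map name, ACL number, peer addresses (documentation range) and the IOS-side `set pfs group2` line are constructed for illustration.

```python
import re

KEYS = r"(match address|set peer|set transform-set|set pfs)"
# ASA 7.x style: one line per setting, e.g. "crypto map vpn_map 20 set peer ..."
ASA_LINE = re.compile(r"^crypto map (\S+) (\d+) " + KEYS + r"\b\s*(.*)$")
# IOS style: a header line followed by indented sub-commands
IOS_HEAD = re.compile(r"^crypto map (\S+) (\d+) ipsec-isakmp")
IOS_SUB = re.compile(r"^\s+" + KEYS + r"\b\s*(.*)$")

def phase2_entries(config):
    """Return {(map name, sequence): {setting: value}} for both syntaxes.
    A bare 'set pfs' (no group given) is stored as 'default'."""
    entries, current = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue  # tolerate double-spaced pastes
        asa, head, sub = ASA_LINE.match(line), IOS_HEAD.match(line), IOS_SUB.match(line)
        if asa:
            name, seq, key, val = asa.groups()
            entries.setdefault((name, int(seq)), {})[key] = val.strip() or "default"
        elif head:
            current = entries.setdefault((head.group(1), int(head.group(2))), {})
        elif sub and current is not None:
            current[sub.group(1)] = sub.group(2).strip() or "default"
        elif not line[0].isspace():
            current = None  # left the IOS crypto map block
    return entries

def pfs_mismatch(local, remote):
    """True when the two entries disagree on PFS ('off' when not configured).
    'default' on either side still needs a manual check of the group in use."""
    return local.get("set pfs", "off") != remote.get("set pfs", "off")

# Constructed samples: the ASA lines follow the crypto map in this thread,
# with a placeholder peer address; the IOS side is entirely hypothetical.
ASA_SAMPLE = """\
crypto map vpn_map 20 match address vpn_cryptomap_20_1
crypto map vpn_map 20 set peer 192.0.2.2
crypto map vpn_map 20 set transform-set ESP-3DES-MD5
crypto map vpn_map interface vpn
"""
IOS_SAMPLE = """\
crypto map SDM_CMAP_1 1 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set ESP-3DES-MD5
 set pfs group2
 match address 100
"""
```

With these samples, `pfs_mismatch` reports a disagreement because only the constructed IOS side has a `set pfs` line.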



New Member

Re: VPN site to site with ASA5510 and 2801

asdm image disk0:/asdm504.bin
asdm location vpn
asdm location inside
asdm location dmz
no asdm history enable
: Saved

ASA Version 7.0(4)

hostname abfw01

enable password removeforsecurity encrypted

interface Ethernet0/0
 nameif outside
 security-level 0
 ip address myoutsideip

interface Ethernet0/1
 nameif inside
 security-level 100
 ip address

interface Ethernet0/2
 nameif dmz
 security-level 100
 ip address

interface Ethernet0/3
 nameif vpn
 security-level 100
 ip address

interface Management0/0
 nameif management
 security-level 100
 ip address

passwd xxxx
ftp mode passive
same-security-traffic permit inter-interface
object-group service http-https tcp
 port-object eq www
 port-object eq https
access-list inside_nat0_inbound extended permit ip
access-list dmz_nat0_inbound extended permit ip
access-list vpn_cryptomap_20 extended permit ip
access-list vpn_cryptomap_20_1 extended deny ip
pager lines 24
logging enable
logging asdm informational
mtu management 1500
mtu inside 1500
mtu outside 1500
mtu dmz 1500
mtu vpn 1500
no failover
monitor-interface management
monitor-interface inside
monitor-interface outside
monitor-interface dmz
monitor-interface vpn
asdm image disk0:/asdm504.bin
no asdm history enable
arp timeout 14400
global (inside) 11 interface
global (outside) 10 interface
global (dmz) 12 interface
global (vpn) 14
global (vpn) 13 interface
nat (inside) 0 access-list inside_nat0_inbound outside
nat (inside) 10
nat (dmz) 0 access-list dmz_nat0_inbound outside
nat (dmz) 10
nat (vpn) 10
route outside myoutsideip 1
route vpn 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http management
http outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map vpn_map 20 match address vpn_cryptomap_20_1
crypto map vpn_map 20 set peer
crypto map vpn_map 20 set transform-set ESP-3DES-MD5
crypto map vpn_map interface vpn
isakmp enable vpn
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group type ipsec-l2l
tunnel-group ipsec-attributes
 pre-shared-key *
telnet timeout 5
ssh timeout 5
console timeout 0

class-map inspection_default
 match default-inspection-traffic

policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp

service-policy global_policy global

: end

New Member

Re: VPN site to site with ASA5510 and 2801

Thank you for your reply. That problem is now resolved, but the problem now is that when I try to connect to dmz or inside, that doesn't work. I am new to Cisco; perhaps I have done something wrong? (Even if I am connecting from inside, I can't access dmz.)

Thanks in advance!